From patchwork Tue Apr 8 20:50:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61008 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5CCFC369A1 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web11.6949.1744145476499337607 for ; Tue, 08 Apr 2025 13:51:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=rHtHdhrm; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-2279915e06eso58146175ad.1 for ; Tue, 08 Apr 2025 13:51:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145476; x=1744750276; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rddtyJVGkagQHNe9f3a8JuT1BoUbRkWaa+uFiKj5Ya8=; b=rHtHdhrmKIVAj2eyAPA/HBiqj6LoXxsp6hRJq1957YDujYU/OwKpfuAmDsh7nO3wOo ALcmAwRgU1NsQ7UApZZwGdo0O8GLHOLtxcv+W01FWp9dve63OPv9AEIDomxfEft3qgtt hNSGnQrmPyUmb3s91Pi/52CT4Vos1dznmAlYa3S3zPqS22kE3WhhmSAw+7nMgjAf0Rch oBX/Jn6rFMyX8SHUTWdYzICeTtlbELg2Pbv/2fhK2TIQuKjtD9RZyU9OW9Ls15z101ut Jqn0dreJB7O173qHsNMLyx8sjlQ7m+ocO682KIM++KIrFtYloAeGnf+aqMcmwvd808pJ ZGOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145476; x=1744750276; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rddtyJVGkagQHNe9f3a8JuT1BoUbRkWaa+uFiKj5Ya8=; b=TsR7SKviw+KJnAhhHjLUyfgvo0v116MaNnSDxJySol87oDBrv/aB1A9Fs2v1MPJd0Y rdBOf44KSLGYcEWYZwN+PrwrlQUZT3g+dSGA/ewJNfOYbWzsJR2Wz6U+eaNAs0liYIqm cmLJQZPgm9NGR1PUes8FanixMu9elMKsFLbCpRinxjY7K9gSh8YWkxjspMJFa1fzXP7x e3zmw3/MAmKSlhK/Fpuyo+C03oJJGLjwMJ+KO1O8PYeRKj9Z5iOBMv/kdYQIiTvbjT0t CYz08F/ROoNYsulIoy2+6x+xKcUXnW4f0QKGjt4chnYE5qLIk7WKRtnTZWp+PqYcyDt3 G8FA== X-Gm-Message-State: AOJu0YzJizUoXOJZbeiJa5o1SUDqy1035YpKDCSoRrID5Wca7KGR4XmL 1gofJfL/iozlyUf1djERaERf9WIEpOamhGyi+Z8OYIlP7gT+2u+LDNmBDK0NItdPjdQNy9WSewi z X-Gm-Gg: ASbGnctXuVwX26HpvGdR+HHALUEYeStQzkJZfHbq3zn/EY32TpSI1I0xRPoZP0Cf4gs 8Z6bdu74d2cFbxSPlEhQscHkk2JnGJE3ONNbtHs4AqPNs8ngHLMnxePtJ1pHRKRg6S75OigHg4h szwA+J59NBw65rFy2M1TSlJXf6xZvLNeEtIRqZv95ACyz2c3kkl4gNfciKa27jSOVtoD/GU+oHM c107stbm2d4cNR+1pVXX1mTahpSwepEMoZxOLzDhcWvr5/3hcUduC651b+WQDUm471oIayyXFOl d4yGj7hvMohj5L8khsgpjPABaJbI/pf7o+uFmooJVen6YgI= X-Google-Smtp-Source: AGHT+IFJlWsYpFe5DxnRViaqCvAm/vvaiYVFgrdhUwRy1m0mm1FqxQNSa7QOWY3BoJmLy7eAXhPpPA== X-Received: by 2002:a17:903:1450:b0:223:53fb:e1dd with SMTP id d9443c01a7336-22ac3f2f26dmr2110295ad.9.1744145475726; Tue, 08 Apr 2025 13:51:15 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/10] curl: ignore CVE-2025-0725 Date: Tue, 8 Apr 2025 13:50:57 -0700 Message-ID: <9077246122b1284e8b6430384cccaf6f0b6c80c3.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214556 From: Yogita Urade CVE-2025-0725 can only trigger for curl when using a runtime zlib version 1.2.0.3 or older and kirkstone supports zlib 1.2.11 version, hence ignore cve for kirkstone. Reference: https://curl.se/docs/CVE-2025-0725.html https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=8c3b4a604b40260e7ca9575715dd8017e17d35c0 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- meta/recipes-support/curl/curl_7.82.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index cda42da4d3..748afc1235 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -73,6 +73,8 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan CVE_CHECK_IGNORE += "CVE-2023-42915" # ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack CVE_CHECK_IGNORE += "CVE-2024-32928" +# ignored: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older +CVE_CHECK_IGNORE += "CVE-2025-0725" inherit autotools pkgconfig binconfig multilib_header From patchwork Tue Apr 8 20:50:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61006 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6FB9C369A6 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web10.6772.1744145478110135924 for ; Tue, 08 Apr 2025 13:51:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=dB0tE7yN; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2255003f4c6so55003185ad.0 for ; Tue, 08 Apr 2025 13:51:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145477; x=1744750277; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TQDh0L/wU+L68MH8e6E8aWLUthc1ANzltKPevKFVZUc=; b=dB0tE7yNCIcL90bhnnNeanat/s1QSQI4tXP5zzz8fero7FeczEj9U7PsM5bBC+ntkN /8o7PukYHjU1bS25M+88aNd4j336D73YMrgSZrLacc2pLFlcLnW6g1O/NV3TzW0jbb7Q mrf+RG8d2SRynW92lZOkl2m5CAaYyOPVNwDWL3kUL7SvdFMmFSIQ1aoyn9xq2L8tcdiQ DhDajGyVlJYmGGogkC79LeZ79CUYNrXUGEeHPyrtMMzHbNkaCYAINoSVPlOfscdVKa73 JTEYX89pHz0dUzITh3rp/f2yZoAwtQZ9NUX3vD/xz4DBsI8vLuZgk6TVOuWuogKOR06s CE1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145477; x=1744750277; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TQDh0L/wU+L68MH8e6E8aWLUthc1ANzltKPevKFVZUc=; b=BvQj/XUnclE0s4p2pvu+icW+VfE8UcenxfPJ3h6nVsEBTO2Ss+cc4qwC/4TLT7jf1A +RqODrgvcXkY/qGwSskT977YTryDG9yLT6xbJF6keVmoIoV6WggK2WQOVMmGq7060fXp mJojtZ3ghfUfc2DOARHAix/CFhPritzwX4UYqgN1ErS/31JuIl0qOZ9qUYKR4dCE5EqP u3SFTWfe09qRajj/d4NgFPkCcmlr5KoRLGvF6sNF5pgaOV1Ubu9t9yq2kCxmqOaBW3Ur SQeASGe+3/w2iPOtNd6UdNe4zScEiXefuFteV4VEMe4giVwrDN+Szv9x7CyXbqP7uQNH Fa+g== X-Gm-Message-State: AOJu0YzBxU1UoZrHtIhKMAWfIh5x4W3imObyQcJYuSu9xBc57ZFGJ/Gi L4ET9AxPZtwnv0jvzu+/Hi5+vvPgnvogY2Ml0BK7/XzgOtrh6JtnAI2U2a6Pm6By+Ov5NkgFgmr W X-Gm-Gg: ASbGncs5CBeRHnecwW1HK1nfmxab/mlKyE95AfSBu9HW/1rAD7dqXP26jlOEzFsjkHA /d0KSuGzjMwBVAmhSnJP9Q/gn8R3kjQg7iJdzv/ALiFlO1GHqz0E/FctWNYIzoJ8JlCqHrFcHVm Sr0M6y+vYCTsBOWBqcyTLpcZ0dgBrg3NWa3xB4viFwJRQbmJDm4qn2BsRkAQthcVPUKmWT+fWiY e0F1l2J3+v7rzlq1ngrfZiGYX+C1cF7iFlgpOsr90xKJgVcaxoh3S6b3O/SbwPaapntONpbVNMi DboYnYgEPtqHYEyke+iQmgR2UQazOVUJBgFW X-Google-Smtp-Source: AGHT+IGWJbnJA6S0MYIeN7N9vj7vRcWbu72ri2uB8iqtDfHDZbSUgbrcWiZhI8SbBv5x3Yji1oY6Rw== X-Received: by 2002:a17:902:db0d:b0:224:c47:cbd with SMTP id d9443c01a7336-22ac285a533mr9391025ad.0.1744145477302; Tue, 08 Apr 2025 13:51:17 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] ofono: patch CVE-2024-7537 Date: Tue, 8 Apr 2025 13:50:58 -0700 Message-ID: <7f3a567b8e1446863e6c5c4336b4cb174592f799.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214557 From: Peter Marko Pick commit https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../ofono/ofono/CVE-2024-7537.patch | 59 +++++++++++++++++++ meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch new file mode 100644 index 0000000000..518b042d5b --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch @@ -0,0 +1,59 @@ +From e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Mon Sep 17 00:00:00 2001 +From: Ivaylo Dimitrov +Date: Sun, 16 Mar 2025 12:26:42 +0200 +Subject: [PATCH] qmi: sms: Fix possible out-of-bounds read + +Fixes: CVE-2024-7537 + +CVE: CVE-2024-7537 +Upstream-Status: Backport [https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb] +Signed-off-by: Peter Marko +--- + drivers/qmimodem/sms.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/drivers/qmimodem/sms.c b/drivers/qmimodem/sms.c +index 3e2bef6e..75863480 100644 +--- a/drivers/qmimodem/sms.c ++++ b/drivers/qmimodem/sms.c +@@ -485,6 +485,8 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + const struct qmi_wms_result_msg_list *list; + uint32_t cnt = 0; + uint16_t tmp; ++ uint16_t length; ++ size_t msg_size; + + DBG(""); + +@@ -494,7 +496,7 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + goto done; + } + +- list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, NULL); ++ list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, &length); + if (list == NULL) { + DBG("Err: get msg list empty"); + goto done; +@@ -503,6 +505,13 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + cnt = GUINT32_FROM_LE(list->cnt); + DBG("msgs found %d", cnt); + ++ msg_size = cnt * sizeof(list->msg[0]); ++ ++ if (length != sizeof(list->cnt) + msg_size) { ++ DBG("Err: invalid msg list count"); ++ goto done; ++ } ++ + for (tmp = 0; tmp < cnt; tmp++) { + DBG("unread type %d ndx %d", list->msg[tmp].type, + GUINT32_FROM_LE(list->msg[tmp].ndx)); +@@ -516,8 +525,6 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + + /* save list and get 1st msg */ + if (cnt) { +- int msg_size = cnt * sizeof(list->msg[0]); +- + data->msg_list = g_try_malloc0(sizeof(list->cnt) + msg_size); + if (data->msg_list == NULL) + goto done; diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb index 1083b91d56..9f11af9236 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.34.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb @@ -25,6 +25,7 @@ SRC_URI = "\ file://CVE-2024-7546.patch \ file://CVE-2024-7547.patch \ file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \ + file://CVE-2024-7537.patch \ " SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7" From patchwork Tue Apr 8 20:50:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61007 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4DB6C36010 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.6951.1744145479660462414 for ; Tue, 08 Apr 2025 13:51:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vBPT0zjs; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-227b650504fso55349655ad.0 for ; Tue, 08 Apr 2025 13:51:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145479; x=1744750279; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=AfLtqcM8vaZKmosu0fp2wSEgynW2d7qyKJuZ1hJJycc=; b=vBPT0zjsCqISaj2Qj+zn264Um3mf4h9Kvh6cYjwbac0tfMK7UHRKjIfmFLi1IBJ971 XRCmduQEephpESPYj5L99DovbKry151RVsvTmecyY2xgV6hKWh1TPXEbDM4XC93058CZ iBTa/mc3Ydt2MezxUbYXro35QEAqlyyYMzggmiFSvVEcYv1VNMCtk5Z86la2PexV16Y7 nrpEuUeg7TQJJtU+oV845lyg8e8g6CSW5tGGlGGzt+zHLKCsbk99qg0+Ma0ZMHJCM4R6 dVzaUXJxYEQ4LwCopuCwUBudnU4Z6dFNkybSTpanmtesST+WFbEcLlYNcEBBT2De09D/ Y3Mw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145479; x=1744750279; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AfLtqcM8vaZKmosu0fp2wSEgynW2d7qyKJuZ1hJJycc=; b=qYW/SWNHyJnpcCYC7GUgT3NtwIxpYC3HTqNO8IOB7BPbMIUtRkncXfg6FfYfpCFmyv 8ZUO6GEJXfvFeCBpPa1VsqU1nAtG+1PWqjFO4OUnpnfi3x8tBrxShMyMQUMZ3nsjvnfR MmzVUVrLkN7ZjmikTLpHUz9Qb/dMZRr52w7ztCLVhACJpMgB3euvNVVXWzPuTD41dT5N 2kuTGn0xt7rwXlbvk1Yf/+I8mZ7pKCc30sD0OV4pDo1IcCVIKj8/dblpUsGqOj/k1X5W QDRnZeHgdg6vf7jgur4B14Q4sKr31p1xjiVAdSpJM67wYwlpFNkeFFx0CoWPqN6VxBcx 7sHQ== X-Gm-Message-State: AOJu0Ywc5a9r7IWP8z2tNeW2jjlChG/xb0bYU5rz+29x1P0krlXi67X2 HVJnHN8dD4vkI1iZAokh9r2PiTh9gDV4cyasEZzAIRtZWoH6JppoO7+5qX14qOmrem6EEKrNias t X-Gm-Gg: ASbGncu8EofTIn99yHS0hi424x1OLsw7lwylGjXqCBZAZdxf05qsInRuudl6SRB8Ori eZbeyVQdYIlN0faP3+6tJ/XTRR5wh5pT0aL1uZIp8NprV8yhVCdUIdqXwaOeU3rdZz7bVNAy/bA zvSSC4gKQ1JQ943pckF3X65SuZpnwMBdFgbnm63X31WelIyDzJfj5xqegvLbCsQcM3cxxWpMA2Q uTh62i9m9Dxcerd5OkpYi81LPl6Ui3pgBJ3W1OFiKlMVlp3z/9Plyp4x/NhrEpx2+yPpZhCuSjS iqVuQGVQZ2jCTl4hK34Kxn6lPA3mJlUU0CPa X-Google-Smtp-Source: AGHT+IHhaoduymjcoSrFFxPoTdBRV+eCPiF0mg9zZxQTH43YJLIHhNDAKyRp12i9yBS5SH6ua2Zxjw== X-Received: by 2002:a17:902:f68a:b0:224:6ee:ad with SMTP id d9443c01a7336-22ac400e421mr1723535ad.44.1744145478743; Tue, 08 Apr 2025 13:51:18 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:18 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/10] ghostscript: Fix CVE-2025-27830 Date: Tue, 8 Apr 2025 13:50:59 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214558 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27830.patch | 79 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 80 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27830.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27830.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27830.patch new file mode 100644 index 0000000000..a516b8ad41 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27830.patch @@ -0,0 +1,79 @@ +From 8474e1d6b896e35741d3c608ea5c21deeec1078f Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Mon, 13 Jan 2025 09:15:01 +0000 +Subject: [PATCH] Bug 708241: Fix potential Buffer overflow with DollarBlend + +During serializing a multiple master font for passing to Freetype. + +Use CVE-2025-27830 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f] +CVE: CVE-2025-27830 +Signed-off-by: Vijay Anusuri +--- + base/write_t1.c | 7 ++++--- + psi/zfapi.c | 9 +++++++-- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/base/write_t1.c b/base/write_t1.c +index 52902be..d6b2454 100644 +--- a/base/write_t1.c ++++ b/base/write_t1.c +@@ -628,6 +628,7 @@ write_main_dictionary(gs_fapi_font * a_fapi_font, WRF_output * a_output, int Wri + WRF_wbyte(a_fapi_font->memory, a_output, '\n'); + if (is_MM_font(a_fapi_font)) { + short x, x2; ++ unsigned short ux; + float x1; + uint i, j, entries; + char Buffer[255]; +@@ -759,16 +760,16 @@ write_main_dictionary(gs_fapi_font * a_fapi_font, WRF_output * a_output, int Wri + */ + code = a_fapi_font->get_word(a_fapi_font, + gs_fapi_font_feature_DollarBlend_length, +- 0, (unsigned short *)&x); ++ 0, &ux); + if (code < 0) + return code; + +- if (x > 0) { ++ if (ux > 0) { + int len; + WRF_wstring(a_fapi_font->memory, a_output, "/$Blend {"); + + if (a_output->m_count) +- a_output->m_count += x; ++ a_output->m_count += ux; + len = a_fapi_font->get_proc(a_fapi_font, + gs_fapi_font_feature_DollarBlend, 0, + (char *)a_output->m_pos); +diff --git a/psi/zfapi.c b/psi/zfapi.c +index 0b3ab1c..1ffef47 100644 +--- a/psi/zfapi.c ++++ b/psi/zfapi.c +@@ -682,7 +682,7 @@ FAPI_FF_get_word(gs_fapi_font *ff, gs_fapi_font_feature var_id, int index, unsig + } + for (i = 0; i < r_size(DBlend); i++) { + if (array_get(ff->memory, DBlend, i, &Element) < 0) { +- *ret = 0; ++ length = 0; + break; + } + switch (r_btype(&Element)) { +@@ -709,7 +709,12 @@ FAPI_FF_get_word(gs_fapi_font *ff, gs_fapi_font_feature var_id, int index, unsig + default: + break; + } +- } ++ ++ if (length > max_ushort) { ++ length = 0; ++ break; ++ } ++ } + *ret = length; + break; + } +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 6d425710b5..dae8dff813 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -62,6 +62,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2024-46953.patch \ file://CVE-2024-46955.patch \ file://CVE-2024-46956.patch \ + file://CVE-2025-27830.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61011 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7C1DC369A5 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.6775.1744145481078512557 for ; Tue, 08 Apr 2025 13:51:21 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=NGJ+EYUb; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-223fd89d036so73585595ad.1 for ; Tue, 08 Apr 2025 13:51:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145480; x=1744750280; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4b0UsnO7c5Ii1hrsKHwfSCjKqWpb92NGASRIJLf3U4Y=; b=NGJ+EYUb0enZxTs/f6j59IPYFTzp3L/22zohixevdkcQCkqNJfJMy8rIFWjAFotk+K ww6M8qAo95YwfnOXoOOa4Oadw1mjBBPBtQt+67D7VGw38PBYlnd7btaKWMOFB9/ayyag pnuFjjDU7QcHcD2Rvna6XvAZgRs5yZwK0EMBEzSYabvIzd4mJD68BU3HvJmgf1707YOu 2j1TB1PQzQniHlK8O09Uju25k1KWxcwoMbBM4vX34JXUy0f9rGuhxUWS9NMELoIA35bn bpMQmVs2DYXgSCZkZ9EMsI7db5es8Kx4wofg7mlMSM1kSIVKv3/F+ochausSAPj1oqfQ +24g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145480; x=1744750280; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4b0UsnO7c5Ii1hrsKHwfSCjKqWpb92NGASRIJLf3U4Y=; b=YwZKBxEgp9EprHgVOCXFITyL5pZdc5RJLl2wHrMhOBRlu2h3BGyUILCJpb4Ab3whTZ ahLtc6DcOmgK/d3cosYQ6s4gaoUW1Rv3Wk97Ii9jez+5zqEJje5vRdRyhSlXRMsnSYwq hg+iuMIaxxvA7+jinR48E22Hm5DfxkBIZLP65Cgh1v1GzuDTjk8BFiVb4roIIpW9Sfgb KnOG3qcHZ7bFY/U9UprLEHOF0uNlAHDNQ5qy97W5a2dkyMID+D8FZ/mbRrFBokrScnZY 2wNnSzWhMOgW4pDAJREXaX7OV176zZ4xB3uSEisiPTm12jsxhXtfJli5wE8Ab341b4BK pPjQ== X-Gm-Message-State: AOJu0Yy7dWEOcq49g1QY1FuC+PmO2XdVeeuDDp2AfnveBj/jaxzteDgD EWys6SosHODWHuTFoEnGQ9zu5ku6TkELaUQ1+noh8KpqJTKx5MVuTDz7IEC9ByHhi3bPv/o/zqh k X-Gm-Gg: ASbGncsQHd8+UNmooBZ/uE3ti/Y6XOu0sQx17XeDHcfzUpIlOFeYTDPn7IZ9lQRJVjK AIfpTB+YTeQSD/kjGM/EkgpAh+IfEB5vWbTt57FwyWFbF4Bo+w3jlVEWaHnhMANhJC7xGHo1yFO d1VcITZJbIbDCDjyEyK/8ZoFzwpqUcCFJcVLu64S11BsAFeseuGofVMt6JX1JJdMES2iiIHq1N7 b4vF85m0tp1/LkyK6HfjkvJq88WXYCDfSQIVY9zDLG0kz3w1vUsrIboRSvCRzOGp2CvTN3r5u8J mn47392kYladatb8ZWpJGPmkewhH3zj26eze X-Google-Smtp-Source: AGHT+IHMTtjVp+c5nCLy1R21TuAtSSGcOP0jdESPY5trd+C8SZC7T9SgyfjU0oXEMM5MEpuWNctU+Q== X-Received: by 2002:a17:902:f54a:b0:225:ac99:ae08 with SMTP id d9443c01a7336-22ac3f32236mr2015555ad.5.1744145480204; Tue, 08 Apr 2025 13:51:20 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/10] ghostscript: Fix CVE-2025-27831 Date: Tue, 8 Apr 2025 13:51:00 -0700 Message-ID: <810795d2f1d7798c52675efd94917bf99fb940d0.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214559 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf79b61cb1677d6865c45d397435848a21e8a647 & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf79b61cb1677d6865c45d397435848a21e8a647] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27831-pre1.patch | 50 +++++++++++ .../ghostscript/CVE-2025-27831.patch | 84 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 2 + 3 files changed, 136 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831-pre1.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831-pre1.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831-pre1.patch new file mode 100644 index 0000000000..bdf597f38e --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831-pre1.patch @@ -0,0 +1,50 @@ +Partial backport of: + +From bf79b61cb1677d6865c45d397435848a21e8a647 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Tue, 27 Sep 2022 13:03:57 +0100 +Subject: [PATCH] PCL interpreter - fix decode_glyph for Unicode + +The text extraction (and pdfwrite family) expect that decode_glyph +should always return pairs of bytes (an assumption that Unicode code +points are 2 bytes), and the return value from the routine should be +the number of bytes required to hold the value. + +The PCL decode_glyph routine however was simply returning 1, which +caused the text extraction code some difficulty since it wasn't +expecting that. + +This commit firstly alters the text extraction code to cope 'better' +with a decode_glyph routine which returns an odd value (basically +ignore it and fall back to using the character code). + +We also alter the pl_decode_glyph routine to return 2 instead of 1, +so that it correctly tells the caller that it is returning 2 bytes. +Finally we make sure that the returned value is big-endian, because the +text extraction code assumes it will be. + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=bf79b61cb1677d6865c45d397435848a21e8a647] +CVE: CVE-2025-27831 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + devices/vector/doc_common.c | 8 ++++++++ + pcl/pl/plfont.c | 12 +++++++++--- + 2 files changed, 17 insertions(+), 3 deletions(-) + +--- a/devices/vector/doc_common.c ++++ b/devices/vector/doc_common.c +@@ -513,6 +513,14 @@ int txt_get_unicode(gx_device *dev, gs_f + char *b, *u; + int l = length - 1; + ++ /* Real Unicode values should be at least 2 bytes. In fact I think the code assumes exactly ++ * 2 bytes. If we got an odd number, give up and return the character code. ++ */ ++ if (length & 1) { ++ *Buffer = fallback; ++ return 1; ++ } ++ + unicode = (ushort *)gs_alloc_bytes(dev->memory, length, "temporary Unicode array"); + length = font->procs.decode_glyph((gs_font *)font, glyph, ch, unicode, length); + #if ARCH_IS_BIG_ENDIAN diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831.patch new file mode 100644 index 0000000000..8956d276d1 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27831.patch @@ -0,0 +1,84 @@ +From d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17 Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Thu, 21 Nov 2024 10:04:17 +0000 +Subject: Prevent Unicode decoding overrun + +Bug #708132 "Text buffer overflow with long characters" + +The txt_get_unicode function was copying too few bytes from the +fixed glyph name to unicode mapping tables. This was probably +causing incorrect Unicode code points in relatively rare cases but +not otherwise a problem. + +However, a badly formed GlyphNames2Unicode array attached to a font +could cause the decoding to spill over the assigned buffer. + +We really should rewrite the Unicode handling, but until we do just +checking that the length is no more than 4 Unicode code points is +enough to prevent an overrun. All the current clients allocate at least +4 code points per character code. + +Added a comment to explain the magic number. + +CVE-2025-27831 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17] +CVE: CVE-2025-27831 +Signed-off-by: Vijay Anusuri +--- + devices/vector/doc_common.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/devices/vector/doc_common.c b/devices/vector/doc_common.c +index 690f8eaed..05fb3d51f 100644 +--- a/devices/vector/doc_common.c ++++ b/devices/vector/doc_common.c +@@ -479,7 +479,7 @@ int txt_get_unicode(gx_device *dev, gs_font *font, gs_glyph glyph, gs_char ch, u + } + if (strlen(dentry->Glyph) == gnstr.size) { + if(memcmp(gnstr.data, dentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, dentry->Unicode, 2); ++ memcpy(Buffer, dentry->Unicode, 2 * sizeof(unsigned short)); + return 2; + } + } +@@ -497,7 +497,7 @@ int txt_get_unicode(gx_device *dev, gs_font *font, gs_glyph glyph, gs_char ch, u + } + if (strlen(tentry->Glyph) == gnstr.size) { + if(memcmp(gnstr.data, tentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, tentry->Unicode, 3); ++ memcpy(Buffer, tentry->Unicode, 3 * sizeof(unsigned short)); + return 3; + } + } +@@ -515,7 +515,7 @@ int txt_get_unicode(gx_device *dev, gs_font *font, gs_glyph glyph, gs_char ch, u + } + if (strlen(qentry->Glyph) == gnstr.size) { + if(memcmp(gnstr.data, qentry->Glyph, gnstr.size) == 0) { +- memcpy(Buffer, qentry->Unicode, 4); ++ memcpy(Buffer, qentry->Unicode, 4 * sizeof(unsigned short)); + return 4; + } + } +@@ -527,12 +527,16 @@ int txt_get_unicode(gx_device *dev, gs_font *font, gs_glyph glyph, gs_char ch, u + return 1; + } else { + char *b, *u; +- int l = length - 1; ++ int l; + + /* Real Unicode values should be at least 2 bytes. In fact I think the code assumes exactly + * 2 bytes. If we got an odd number, give up and return the character code. ++ * ++ * The magic number here is due to the clients calling this code. Currently txtwrite and docxwrite ++ * allow up to 4 Unicode values per character/glyph, if the length would exceed that we can't ++ * write it. For now, again, fall back to the character code. + */ +- if (length & 1) { ++ if (length & 1 || length > 4 * sizeof(unsigned short)) { + *Buffer = fallback; + return 1; + } +-- +cgit v1.2.3 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index dae8dff813..94a21d1dce 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -63,6 +63,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2024-46955.patch \ file://CVE-2024-46956.patch \ file://CVE-2025-27830.patch \ + file://CVE-2025-27831-pre1.patch \ + file://CVE-2025-27831.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61010 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0856C369A7 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web10.6777.1744145482628633063 for ; Tue, 08 Apr 2025 13:51:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Aodkik39; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-224191d92e4so57641045ad.3 for ; Tue, 08 Apr 2025 13:51:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145482; x=1744750282; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NApTa1aDCmWxQoPAXAMuu0ah98gCDaW6cQHYbjbbERk=; b=Aodkik39LGp116Q2f/Qg8cV37/KMPX4aiVY0q3TET4Q4F4aUPNK/y4DCGUZ91weRwr hLMgZdWBko6QcEx0UQKT02B1qmGAqkwHID9zkxNOlB5RPsmTIKdsIFxHcEV43qpsbuNE 648QnoY7lMKCLm7OzWeGtK+Xpjw/s2A4WHqODPQ5Dx8J4Focbf1Vr9c19nipJXgcvt2h 3mWM5oBHQOTiA0HtHvRZFqQRDNdnh+ZXv4KWj03V6HWpjaRlMoEVy8eagzUh878YPnF/ q61x+su7tGIKtl5UWVpQvZzwU0XhHAZdpmUSaA/rNV6YGtXJgJFVlDY1ZeongIKPNRNu ADJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145482; x=1744750282; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NApTa1aDCmWxQoPAXAMuu0ah98gCDaW6cQHYbjbbERk=; b=V88x135+rywFvuFsko7wPcOmIrH2EYjJkeUms6u0pXF7YMfNQMCTw/liTVrEpyKZfz ERtjzZQ02W0Jh0rYOKcqvoNvk+6FFanNIWF1daYfGw9LRnuZcCyO5b/PgX2v96SN6XdF Bqdmi0d4jDXZqgbi4vtT2N7qxbDAF7PFCz0U6SO5gxI5wJ2srU+QtObSentxW5P9GU4u U3xziQnN7AJNAf72caeWkdQluLi7j4VDPehmhQvgIs4aj75qOCGbZdinYfwItWS7Wzio ts1iOJYJfsx3olDO0fK+QP1ui7vyPhptAhoGKlNy6uGDaLKq2QNJi/M99j8b61L/xYqz 1z9A== X-Gm-Message-State: AOJu0YzrR2vMWwkoAsMPMg20tpnecJ4REuObhEtGHEuCvB07n8+BKZDo qmX4k/D5oJ9OZKpup9Znt2iExXt1NvKxZs/VgXW8EzXI5QqTEKo6IEgUxOB3b2z6nipjHPhAkjd z X-Gm-Gg: ASbGncsRSR6GwL7DqdV+g4zsa2OXYW9RXkFWbMAIDdj2rsO9uE54VEmCsBR8UmPvnmQ jHWTJjgFbiwxFdUq+gmPu5xSXI4c9ZDUpoH/yQmeVRdQbMVzleh86moLLx2j+LH5F6rIa43tcLS l+uQot85nPqMo2IbhT4uZTaxQGJUSkv0Z/f7Z/XXgp2gWM1mk8YKGFelOXaY//oKwQqnxCpyVqQ igTrms02IZ7DDIitUVKfQcUBNFkWPRGDoMaIZkvIPVTWFP7N/mDdwJDhfqARpRXku4avHrWzc13 IyH9eY31P/SDdnttRHkSMdxvXMK9brYFbCjb X-Google-Smtp-Source: AGHT+IFugtXTCNHlHtqzz+u57GMrJudgEtYp9ebb1N52e9p4Ri1hXuOYIUo5cC2Rdipx/5q56tKKyA== X-Received: by 2002:a17:902:ce89:b0:223:4b8d:32f1 with SMTP id d9443c01a7336-22ac3f3186amr2527355ad.1.1744145481656; Tue, 08 Apr 2025 13:51:21 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:21 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/10] ghostscript: Fix CVE-2025-27832 Date: Tue, 8 Apr 2025 13:51:01 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214560 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27832.patch | 45 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27832.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27832.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27832.patch new file mode 100644 index 0000000000..c3a328bcc9 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27832.patch @@ -0,0 +1,45 @@ +From 57291c846334f1585552010faa42d7cb2cbd5c41 Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Wed, 20 Nov 2024 11:42:31 +0000 +Subject: Bug 708133: Avoid integer overflow leading to buffer overflow + +The calculation of the buffer size was being done with int values, and +overflowing that data type. By leaving the total size calculation to the +memory manager, the calculation ends up being done in size_t values, and +avoiding the overflow in this case, but also meaning the memory manager +overflow protection will be effective. + +CVE-2025-27832 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41] +CVE: CVE-2025-27832 +Signed-off-by: Vijay Anusuri +--- + contrib/japanese/gdevnpdl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/contrib/japanese/gdevnpdl.c b/contrib/japanese/gdevnpdl.c +index 60065bacf..4967282bd 100644 +--- a/contrib/japanese/gdevnpdl.c ++++ b/contrib/japanese/gdevnpdl.c +@@ -587,7 +587,7 @@ npdl_print_page_copies(gx_device_printer * pdev, gp_file * prn_stream, int num_c + int code; + int maxY = lprn->BlockLine / lprn->nBh * lprn->nBh; + +- if (!(lprn->CompBuf = gs_malloc(pdev->memory->non_gc_memory, line_size * maxY, sizeof(byte), "npdl_print_page_copies(CompBuf)"))) ++ if (!(lprn->CompBuf = gs_malloc(pdev->memory->non_gc_memory, line_size, maxY, "npdl_print_page_copies(CompBuf)"))) + return_error(gs_error_VMerror); + + /* Initialize printer */ +@@ -683,7 +683,7 @@ npdl_print_page_copies(gx_device_printer * pdev, gp_file * prn_stream, int num_c + /* Form Feed */ + gp_fputs("\014", prn_stream); + +- gs_free(pdev->memory->non_gc_memory, lprn->CompBuf, line_size * maxY, sizeof(byte), "npdl_print_page_copies(CompBuf)"); ++ gs_free(pdev->memory->non_gc_memory, lprn->CompBuf, line_size, maxY, "npdl_print_page_copies(CompBuf)"); + return 0; + } + +-- +cgit v1.2.3 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 94a21d1dce..284ae3a28e 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -65,6 +65,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2025-27830.patch \ file://CVE-2025-27831-pre1.patch \ file://CVE-2025-27831.patch \ + file://CVE-2025-27832.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61012 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C67CCC369A9 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.6956.1744145484543633265 for ; Tue, 08 Apr 2025 13:51:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=PQBPNmX3; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-225477548e1so58021495ad.0 for ; Tue, 08 Apr 2025 13:51:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145484; x=1744750284; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8xTwZplyy2tqD0rhWPNpBIBYQUiWnXuLwpzuXZX7Sc8=; b=PQBPNmX3hl1Fg+hckGK3RyDNha6Ieol8ZR3yLTwo5HKV52x050aJyfffwyeSE4LJQK HqGVpst/Z8DZrBnEXHL4O9am/G6ceaJLhTtYSvUPTRSxDyq9qZQSYd1Qk4aBgeHhk6Oq MAVlvOj/wRXb44taZgQ2DiC0jCy3qYX3Fi5XwyiqofX0rze9ADDMZiNdT1RwcBq5XSkx ziAb70Cv/gg+jnyC4h1sCDCw7425MJvIEs07dnA3Y1mSXb3pks3bweIBucSw6vVK6vYq zbhakOwToRDg4ocUguVtMMUUwvHvOz0fsHjthhOBhRbSCWay4miEdP2ZU5iruYTfTkvz 7opA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145484; x=1744750284; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8xTwZplyy2tqD0rhWPNpBIBYQUiWnXuLwpzuXZX7Sc8=; b=ZQ6nQZf9V4h++i7uRygBMHJ7aBoZKiFlgcc4ZgGBO2IG+S2NwhzPjv5lUlc7wgUrVl Y5tDpYA6q2gfMz2398smYVrxP+qPp4C0jEFNKmgaTxImUL7hlo0P4LVplvl9tR+mokoM lPAm0LB20Xp5ZQf+ms9bmbyBARX1MbblkBflv//5kJOikSnfN3/ieV6R4THHSYU+mb36 gzNSGa4Es/xxZYaHamu0twiZb4p1IMVvIikdREm0nZk6vr+ePpv41uArO5z7Tr3iZ6Gd hPmsltBiRcr08A4VuUOHN9u5XfqCYksvLn7YvAx+Es9jQ1tl6txAYvzF4OxRxwmCTmMm Z5dw== X-Gm-Message-State: AOJu0YwJ7m2VgB0ssWLiXHZjfJd7V/Z7bBbKkSa4pwuKXW2Jag5OlZKu ZOekkQ9aZ0db/RBTEx0t8pOnFoWhEpUXXhJ5WoeH1diXgcKLn/rVU95lu6/PaEOFHLTj4rfuNRF f X-Gm-Gg: ASbGncvI9L7BFn0nHShIIKQuE/uLGPjkKBxXqsH4Kn3ZTF5r/BbKcTA9pWz4j9lDcRn RXwoch2gL/RfsYxoW8Geyzctnr7RuZ3FoVgaqQeu9/CfTEiGzSFd3Yvj6l6GxPk8RTTHfQPxV+V 22epzN8ne4lOfCrH0YSknJLH769bITVQ44e071MK5uVyWBvjeTvxWSTMqSYXbcMfZxLXmcT33eN 2ajq0cCyiyM0elEZnrm4y3hk2yqWdGtp69qRW+fst4yo12bjcL6RuQT/JmehXB644KQqQkeu68B ZVNJKqM3UQVtH+MctULcJ6eA788Lhvs9FY+6 X-Google-Smtp-Source: AGHT+IGUHe+XTuNmucAXUof0O71tPC5bOfSk9mCoSVBwNy+XQCmKlNNSYtRgiZgTUyfgu2XgNEFdwg== X-Received: by 2002:a17:903:2384:b0:220:cb1a:da5 with SMTP id d9443c01a7336-22ac2a2a88bmr9806255ad.40.1744145483568; Tue, 08 Apr 2025 13:51:23 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] ghostscript: Fix CVE-2025-27834 Date: Tue, 8 Apr 2025 13:51:02 -0700 Message-ID: <06fb236cabf550ea7c92cda0a725dd3db8a8a38b.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214561 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ef42ff180a04926e187d40faea40d4a43e304e3b] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27834.patch | 57 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27834.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27834.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27834.patch new file mode 100644 index 0000000000..66e13ca729 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27834.patch @@ -0,0 +1,57 @@ +From ef42ff180a04926e187d40faea40d4a43e304e3b Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Mon, 20 Jan 2025 16:13:46 +0000 +Subject: [PATCH] PDF interpreter - Guard against unsigned int overflow + +Bug #708253 - see bug report for details. + +CVE-2025-27834 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ef42ff180a04926e187d40faea40d4a43e304e3b] +CVE: CVE-2025-27834 +Signed-off-by: Vijay Anusuri +--- + pdf/pdf_func.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/pdf/pdf_func.c b/pdf/pdf_func.c +index 9b7d5bb..423e544 100644 +--- a/pdf/pdf_func.c ++++ b/pdf/pdf_func.c +@@ -153,6 +153,9 @@ pdfi_parse_type4_func_stream(pdf_context *ctx, pdf_c_stream *function_stream, in + byte *p = (ops ? ops + *size : NULL); + + do { ++ if (*size > max_uint / 2) ++ return gs_note_error(gs_error_VMerror); ++ + code = pdfi_read_bytes(ctx, &c, 1, 1, function_stream); + if (code < 0) + break; +@@ -318,6 +321,11 @@ pdfi_build_function_4(pdf_context *ctx, gs_function_params_t * mnDR, + if (code < 0) + goto function_4_error; + ++ if (size > max_uint - 1) { ++ code = gs_note_error(gs_error_VMerror); ++ goto function_4_error; ++ } ++ + ops = gs_alloc_string(ctx->memory, size + 1, "pdfi_build_function_4(ops)"); + if (ops == NULL) { + code = gs_error_VMerror; +@@ -816,6 +824,11 @@ int pdfi_build_halftone_function(pdf_context *ctx, gs_function_t ** ppfn, byte * + if (code < 0) + goto halftone_function_error; + ++ if (size > max_uint - 1) { ++ code = gs_note_error(gs_error_VMerror); ++ goto halftone_function_error; ++ } ++ + ops = gs_alloc_string(ctx->memory, size + 1, "pdfi_build_halftone_function(ops)"); + if (ops == NULL) { + code = gs_error_VMerror; +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 284ae3a28e..376d4a300e 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -66,6 +66,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2025-27831-pre1.patch \ file://CVE-2025-27831.patch \ file://CVE-2025-27832.patch \ + file://CVE-2025-27834.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61009 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2DA6C369A8 for ; Tue, 8 Apr 2025 20:51:26 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.6959.1744145486088231498 for ; Tue, 08 Apr 2025 13:51:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uAVWyqu9; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-22401f4d35aso69155395ad.2 for ; Tue, 08 Apr 2025 13:51:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145485; x=1744750285; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=W7D/wmJ19NjkmUebK39tgFNgBwqHln/fZsxlwCHn+LI=; b=uAVWyqu9LranasljKHrF5xyEQ3KeQ5gbKpwdcpjTeIKRRCp44AH7QXgbeedgLPXlcS 5lyRiAaF54W098WnfVuISONA9gJaSs/+ojavLPlTU4QxhD1ilfVsiGiYAO53KkP83z8J kdPOFBvEdDdiiBGNUq6BsJvyzEea+0RYXGATV05uQbGyS0AZsZwn5iET9lXS569b1RtS qAnSeeyrfG4N/G3ORv5FA+uvW5fnYM1Em6rXk+0RdXgauhfN1PJR7HmkoIZGjIleLV45 q+xpVp215Jam49cQ/pJazUCw1yW9W5jy/7zJASfmSA53fAVR1STMhBPGhzUm5UD9Nc/b cYzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145485; x=1744750285; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W7D/wmJ19NjkmUebK39tgFNgBwqHln/fZsxlwCHn+LI=; b=oy8h8Io29JHdTR/iKLeReshjqov4kw/ZnD7e/YMNC8ePNEOuarK34UOB9AG7/EXilb DIcxZnUXhe1u+wH3/z6P2ayw5Sa1RZxK7wRTHgppoP50kY1mX6XD3MWeqpE/pUBUEX5L iO9r3QPCntVEwl3ZY8MhQdVMwhFnsvWY91TO9WHEdvAqvWvFpRwU5cG54gCxcPSvZDEJ LrMTlDEdYnj3pJxK0RBv44dnl9xQOTI/Fn0gwKhcWcb4qeG6UEpigR18BCrEMQ1FU0Wt BM3FjKTwW0Gu/WbdoKe+c9XwF43dp0Fknn2qP7rYF4W0RIB28Q+2E7pAvIdgtZS73ek2 XOZA== X-Gm-Message-State: AOJu0Yy0DhSR9wEZ+COredqpzANfZxWX7ksh936QlNULy29m8AyEjkg6 OqiB1IxkxV/ykyvxceEj+DHpo28DYTVQkZ/H9sMNvmvbhKWD+hAzI0d7fi/+Ufhnq9RBTMeJtrG t X-Gm-Gg: ASbGncsFfSVPHw5Wcj4R49QtcirSTdm+gclXDhk32wUzFQVbJXACfUg/FAFy/MxRbhJ efF6cgcR9VozxFr0Ssxxzkjo1qejKgOmBKLdfLMx9acYYYJ81YkHsYFfX6Z9o5Sg+/k1UF8EZ9g 0nVHBCTrGC3nquuEUUlJwvvHUuENAjtCQdDH7y239PuATTj073jGINmxnBjHFtWbbabfzmsFrBi AdsSlaDHZbEDUUJkvs3sWRZ9IwlCyx7JSzw0S7PcFHD7+xVl6Gk3FAw/l/d8wCYJvU99sV+eaNo K4BqRA5LqNcyLDlcThITpxG0gW1mGeSPhdFkIe87Ue+HB+8= X-Google-Smtp-Source: AGHT+IHnZByzQO+996IHpEdysBfisK+QEOgskKdq7JwiZBENgW50gQ8whZA4idXLwT0cpRscOLFnmg== X-Received: by 2002:a17:902:f681:b0:223:3396:15e8 with SMTP id d9443c01a7336-22ac29a8302mr8851355ad.22.1744145485192; Tue, 08 Apr 2025 13:51:25 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] ghostscript: Fix CVE-2025-27835 Date: Tue, 8 Apr 2025 13:51:03 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214562 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27835.patch | 34 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27835.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27835.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27835.patch new file mode 100644 index 0000000000..9cdefc5201 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27835.patch @@ -0,0 +1,34 @@ +From de900010a6f2310d1fd54e99eeba466693da0e13 Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Wed, 20 Nov 2024 11:27:52 +0000 +Subject: Bug 708131: Fix confusion between bytes and shorts + +We were copying data from a string in multiple of shorts, rather than multiple +of bytes, leading to both an read (probably benign, given the memory manager) +and write buffer overflow. + +CVE-2025-27835 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13] +CVE: CVE-2025-27835 +Signed-off-by: Vijay Anusuri +--- + psi/zbfont.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/psi/zbfont.c b/psi/zbfont.c +index acffb39ef..5850ab54d 100644 +--- a/psi/zbfont.c ++++ b/psi/zbfont.c +@@ -253,7 +253,7 @@ gs_font_map_glyph_to_unicode(gs_font *font, gs_glyph glyph, int ch, ushort *u, u + if (l > length) + return l; + +- memcpy(unicode_return, v->value.const_bytes, l * sizeof(short)); ++ memcpy(unicode_return, v->value.const_bytes, l); + return l; + } + if (r_type(v) == t_integer) { +-- +cgit v1.2.3 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 376d4a300e..abc0238ddc 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -67,6 +67,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2025-27831.patch \ file://CVE-2025-27832.patch \ file://CVE-2025-27834.patch \ + file://CVE-2025-27835.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61015 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7C74C36010 for ; Tue, 8 Apr 2025 20:51:36 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web10.6782.1744145487638089536 for ; Tue, 08 Apr 2025 13:51:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=iffsyEq9; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-224191d92e4so57641445ad.3 for ; Tue, 08 Apr 2025 13:51:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145487; x=1744750287; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=2tSVoUWwj8yZjrKHa1gy9/Ql4BN9AaKBR0PUj0FZYEY=; b=iffsyEq9g/bb6en1hI8vuYB/C/HqPObqJHUh/ROCz5Er8znSskZb6p2d3JouU+I5oK 09bpKQgP0tGUzOYJnu2YQQ25OGsJ4WZzPm9B+sGJqYQTPuzCUfBbHWPF8I7QwB9B8rl9 S/8ZEmXR2MybSGO40L1mxF1XRUmGlodMT2ABlnB7BcAJo2y1vXLkjCb62kzN361XN998 CAWiDbBimLXowDed94n+H4yOaMVc8CnumlQHOldxIHPDN/hBUtGpv7xwbYWaRUtYWBqs ZoARK4y6krklXev3ipQ7pZznCDTRJzw3ZCZHq5+atHLhUR/wPtdutyfdjvNjBNJ4tz0K txCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145487; x=1744750287; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2tSVoUWwj8yZjrKHa1gy9/Ql4BN9AaKBR0PUj0FZYEY=; b=PJLs67GkCRy85t5lUSBAalV8l/urYcX4I2wSzNLb1adRNm1TjFmuS59zZjPnOzZOao x2xmLRSlzqXoiBw3Xc84mFz3JJqXzvzAFTq9VmhgGGB6obeskPvcUbA33GVgkndwqOwa gQseEGWdH9nmtbylQERX3T9EihsB816t7aXZaBs2nup0/E+EkkFYzJWEQNJ3atwbDf4s j2dqACSmTwDpZygGuh2zbC0G7J0T3B0EplQO1OjDRK9YRWnkXqGlp/8a3XmerXmtFYFv uKfblo7sa/FRMUaxO4bMBkLwvB09bP450DRJqHR72578rjsi5n/8HF7uTK6UE6d45chJ e1Pw== X-Gm-Message-State: AOJu0YxYOSEkmnldQDhn8pv3Jj/KJgqW2USPl2pWZjOo9WLBsXTwar93 vOXLsC4n3NKxbNEJogjTdg+TLt8XbXT8yIFMQ9MCrcmi1C7E2FH7/vX+xgZVT3uW8bbSLBC4IgF j X-Gm-Gg: ASbGncv3xAqG43sIGGdW3TBU3KzVzVofaFpWeT79/KcHXjDDqLjQD5WWCRx/qG2oEdr LIKh7+sMta5VwFG+iGV0IP+lEJV426ThlHecNEFfQg0Iu3LghG6hwwyFbP9y4U70b1FZNRk7rCP cD9ubGRkJiqzup1nskUNCkE1TuUQaiakG5wke1MuZjQraGcWE1/SXkSy/jhEOgKW076pDOU2Y8y YTeihzTfCkH4PJEKHOBvARYQ2ic2nwVLIHbk6qozJip5z5pWgxyYM1KFcCVoY1phff/vT599PCR cCDKaD5DoCH6UKlVOCQ4bec+AQYyh6SYroTr X-Google-Smtp-Source: AGHT+IGpXEkOl4WFBXNtvjvUMjnvNm+wt2ALIeH2K/afCTJal/yPmSoKGaP6a+OEHiBqRwhyNRA8vA== X-Received: by 2002:a17:902:f60e:b0:223:faf5:c82 with SMTP id d9443c01a7336-22ac3f3222amr1991425ad.8.1744145486791; Tue, 08 Apr 2025 13:51:26 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/10] ghostscript: Fix CVE-2025-27836 Date: Tue, 8 Apr 2025 13:51:04 -0700 Message-ID: <7399cf17590204f8289f356cce4575592d6e3536.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214563 From: Vijay Anusuri Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 & https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d84efb73723384a8b7fb3989c824cfa218060085] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2025-27836-1.patch | 64 +++++++++++++++++++ .../ghostscript/CVE-2025-27836-2.patch | 46 +++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 2 + 3 files changed, 112 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-1.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-2.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-1.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-1.patch new file mode 100644 index 0000000000..bd32456b99 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-1.patch @@ -0,0 +1,64 @@ +From 8b6d19b2b4079da6863ef25f2370f25d4b054919 Mon Sep 17 00:00:00 2001 +From: Zdenek Hutyra +Date: Mon, 13 Jan 2025 09:07:57 +0000 +Subject: Bug 708192: Fix potential print buffer overflow + +CVE-2025-27836 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919] +CVE: CVE-2025-27836 +Signed-off-by: Vijay Anusuri +--- + contrib/japanese/gdev10v.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/contrib/japanese/gdev10v.c b/contrib/japanese/gdev10v.c +index 0bd3cec02..9d27573dc 100644 +--- a/contrib/japanese/gdev10v.c ++++ b/contrib/japanese/gdev10v.c +@@ -199,17 +199,25 @@ bj10v_print_page(gx_device_printer *pdev, gp_file *prn_stream) + int bytes_per_column = bits_per_column / 8; + int x_skip_unit = bytes_per_column * (xres / 180); + int y_skip_unit = (yres / 180); +- byte *in = (byte *)gs_malloc(pdev->memory->non_gc_memory, 8, line_size, "bj10v_print_page(in)"); +- /* We need one extra byte in for our sentinel. */ +- byte *out = (byte *)gs_malloc(pdev->memory->non_gc_memory, bits_per_column * line_size + 1, 1, "bj10v_print_page(out)"); ++ byte *in, *out; + int lnum = 0; + int y_skip = 0; + int code = 0; + int blank_lines = 0; + int bytes_per_data = ((xres == 360) && (yres == 360)) ? 1 : 3; + +- if ( in == 0 || out == 0 ) +- return -1; ++ if (bits_per_column == 0 || line_size > (max_int - 1) / bits_per_column) { ++ code = gs_note_error(gs_error_rangecheck); ++ goto error; ++ } ++ ++ in = (byte *)gs_malloc(pdev->memory->non_gc_memory, 8, line_size, "bj10v_print_page(in)"); ++ /* We need one extra byte in for our sentinel. */ ++ out = (byte *)gs_malloc(pdev->memory->non_gc_memory, bits_per_column * line_size + 1, 1, "bj10v_print_page(out)"); ++ if ( in == NULL || out == NULL ) { ++ code = gs_note_error(gs_error_VMerror); ++ goto error; ++ } + + /* Initialize the printer. */ + prn_puts(pdev, "\033@"); +@@ -320,8 +328,10 @@ notz: + } + + /* Eject the page */ +-xit: prn_putc(pdev, 014); /* form feed */ ++xit: ++ prn_putc(pdev, 014); /* form feed */ + prn_flush(pdev); ++error: + gs_free(pdev->memory->non_gc_memory, (char *)out, bits_per_column, line_size, "bj10v_print_page(out)"); + gs_free(pdev->memory->non_gc_memory, (char *)in, 8, line_size, "bj10v_print_page(in)"); + return code; +-- +cgit v1.2.3 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-2.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-2.patch new file mode 100644 index 0000000000..2e3817bdae --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-27836-2.patch @@ -0,0 +1,46 @@ +From d84efb73723384a8b7fb3989c824cfa218060085 Mon Sep 17 00:00:00 2001 +From: Ken Sharp +Date: Thu, 13 Mar 2025 11:01:16 +0000 +Subject: Fix Coverity IDs 457699 and 457700 + +Not sure if Coverity has been updated, this is ancient contrib code +which has not changed for a long time. + +However, fix the warning by initialising the pointers to NULL, and then +avoid trying to free them if they are NULL. + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d84efb73723384a8b7fb3989c824cfa218060085] +CVE: CVE-2025-27836 +Signed-off-by: Vijay Anusuri +--- + contrib/japanese/gdev10v.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/contrib/japanese/gdev10v.c b/contrib/japanese/gdev10v.c +index 9d27573dc..4d47200e5 100644 +--- a/contrib/japanese/gdev10v.c ++++ b/contrib/japanese/gdev10v.c +@@ -199,7 +199,7 @@ bj10v_print_page(gx_device_printer *pdev, gp_file *prn_stream) + int bytes_per_column = bits_per_column / 8; + int x_skip_unit = bytes_per_column * (xres / 180); + int y_skip_unit = (yres / 180); +- byte *in, *out; ++ byte *in = NULL, *out = NULL; + int lnum = 0; + int y_skip = 0; + int code = 0; +@@ -332,7 +332,9 @@ xit: + prn_putc(pdev, 014); /* form feed */ + prn_flush(pdev); + error: +- gs_free(pdev->memory->non_gc_memory, (char *)out, bits_per_column, line_size, "bj10v_print_page(out)"); +- gs_free(pdev->memory->non_gc_memory, (char *)in, 8, line_size, "bj10v_print_page(in)"); ++ if (out != NULL) ++ gs_free(pdev->memory->non_gc_memory, (char *)out, bits_per_column, line_size, "bj10v_print_page(out)"); ++ if (in != NULL) ++ gs_free(pdev->memory->non_gc_memory, (char *)in, 8, line_size, "bj10v_print_page(in)"); + return code; + } +-- +cgit v1.2.3 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index abc0238ddc..8499bb3676 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -68,6 +68,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2025-27832.patch \ file://CVE-2025-27834.patch \ file://CVE-2025-27835.patch \ + file://CVE-2025-27836-1.patch \ + file://CVE-2025-27836-2.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Tue Apr 8 20:51:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61014 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD1A4C369A5 for ; Tue, 8 Apr 2025 20:51:36 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.6783.1744145489338380410 for ; Tue, 08 Apr 2025 13:51:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=z/Xh0Jdc; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-227aaa82fafso52568535ad.2 for ; Tue, 08 Apr 2025 13:51:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145488; x=1744750288; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tn96zjXxT3J8VL78iwtCoYl0nrQyScFHpB950HXyfSc=; b=z/Xh0JdcTeEvgolvkaiX4lIPf8E+JhX84iFpKCKTqPbV9HEdflVe0qkrnfo/+LUG3K hccGQs30WnSShrpzsv+g9X5nEwwfbJD79IeEy4PJqgKCWye+p0ZztiP1pHduc5jI+Bo3 mNdmk429fXO/OIWNeQ92kCBqBrWAQWOEy64G83JMZqDVOVe7apy5AjlubBHFTHWvPlSC DwATFtxAzv/cufZF6GgOm+qUxZOZx0p4SDVckBbo1dWxVa1z33d5R7mPGZvm5z8JpRAZ B+E87eQmIuP3yyxb7fTCWWAuWNpRgBBVsDYUkfS84aPSuG15BV9Z5agJ1dRZKgnqdX5Y bpRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145488; x=1744750288; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tn96zjXxT3J8VL78iwtCoYl0nrQyScFHpB950HXyfSc=; b=ixabxJ67+ewl/+ulUVRLFPmHPCndsmtVwOiFwOn0r8PBUGUBELavME9NGnwOg1PP6F kGf9tAONaCAQHr2zx6YUcGM9eBm8id8bmnR+KHm/DifX3fPcKDSHKmBpCDkkKLBtrZk5 wSzd7e7Dejx72srCU4/GEMDW7gcWAHMxqZTN1mGq5myLXBPcr+wiJOMs1suxDLjTnTnb SbAs+JgZ18vYv0sh/ORvsOhzhqIlRgre3GdonxRbYdwYWWth2I96KjqshT5SpzD8bNLu 5EyQnVJby0MlM4S7hbiyLIbubBL2Op0UMYr5wa55kICoUxJzF0+uSTcJW5qWDjs/ofU2 hyvw== X-Gm-Message-State: AOJu0YyYSNqgtvUzPkDQYS9r3kV+941Rk8pUB9Bw5krEwiwWBlw8OWkK TE7sC+EhZ+Y+98QYS9TwxJJkqHcBzUdiWiHKqJDKV+T4G8NDn0jtrhwAwCRShbi718sHl/xDC58 m X-Gm-Gg: ASbGncup+gU0dTWmNFwjTVorhCT872J8ZpMHBJS4IYE+6mTS67z9HqxxSKf9ot2OAR/ ZNDL7MwnVmSHkqE6kc0Gdx1ien+69fM7oGqSqyJOH7ZxZyTM+z5fc01basWKE/WTRjMVOn3P+LM waTRTDu+818NGlBAWr7Qh2Be02C+kkT53ITOGysFaQcYDLYKQ1G+rSzIZP2/c5SCmoVbUATiAVC MwtvBE/OmdYsA97SJhYVIIbdDEmx3+kVIep7GPmTBuWlHiQDSyclNI/4NdJVbrmXedI2r9/3egH c2NPpbaVImZ06ewgj1dvfADbk62IL6aNji1/ X-Google-Smtp-Source: AGHT+IErnz6rLmleStWJMfjjLVR1Jm3jY+ciEnLoePwbCOX8jvFxx9lXvX4cOjSLLg6WqrJgqgOYSA== X-Received: by 2002:a17:902:dacc:b0:224:2717:7992 with SMTP id d9443c01a7336-22ac3fee4e7mr1525185ad.33.1744145488499; Tue, 08 Apr 2025 13:51:28 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:28 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/10] qemu: ignore CVE-2023-1386 Date: Tue, 8 Apr 2025 13:51:05 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214564 From: Peter Marko Upstream Repository: https://gitlab.com/qemu-project/qemu.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386 Type: Security Advisory CVE: CVE-2023-1386 Score: 3.3 Analysis: - According to redhat[1] this CVE has closed as not a bug. Reference: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985 (From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724) Signed-off-by: Madhu Marri Signed-off-by: Steve Sakoman (Converted to old CVE_CHECK_IGNORE syntax) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index bee30cd56f..cae33459e6 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -161,6 +161,9 @@ CVE_CHECK_IGNORE += "CVE-2023-2680" # due to the rocker device not falling within the virtualization use case. CVE_CHECK_IGNORE += "CVE-2022-36648" +# disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985 +CVE_CHECK_IGNORE += "CVE-2023-1386" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" From patchwork Tue Apr 8 20:51:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61013 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7817C369A1 for ; Tue, 8 Apr 2025 20:51:36 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.6965.1744145490779593218 for ; Tue, 08 Apr 2025 13:51:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KhiweKwL; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2254e0b4b79so75274225ad.2 for ; Tue, 08 Apr 2025 13:51:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744145490; x=1744750290; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ef+9j9PmqsQf+Ixv/CUmDOJAN0T0DcjuzjNlN0F5neY=; b=KhiweKwLvxthq2EMd5pcccdWrYjraN6KzXXWXIM9NY49iK58wr0pzNsZlZz2GKIC4M XjMorl7bFQ+GlChvfajAi6jO8iMJEXWUlI5CvhNPW8XgcJ0A9dFk73fi0d9iqm8x1Huv 20NFDb/DTj/mYF9sZa+TVFVd1tCOKoTjJkyYZp3cUDjvQwgKbS2Zg0rfhiwsVaCGq17B bckLX8m9EikmA6/MBSxyjZV+3IX07FhR8R0rknmaPMx8l/yrsQt8Ura/ZOSb69JxKhjT X5rSvxBYdjQfTSCs6YNolaiZH5mAALLIYx7qLqpmOJNYBi+jTQeGzbJMSXC1sHROYxwu iM/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744145490; x=1744750290; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ef+9j9PmqsQf+Ixv/CUmDOJAN0T0DcjuzjNlN0F5neY=; b=PaLnOL1uWJa3Yg7SzS7LPhbL8FFiB2kfT6YDJW6DEGTrA+065Oqcna3obi3tFdoYvH YWWM5Xu6rgTuszkSRtHXxdns2b0BACAfz4c3YP0jwIoKdOGbf9CLvPHDLZJ7hEoOTzmW 988bboTMVnEafMh9qt2GxIVCd7KbDAWB8TmHS9+Hdm0J/v/DL78hKwLMrZuHCybhYd1z K//m1q7WlAo6sBPrLls8zM8W4QLSJy4WDrPaYC8yDomhaVjpgSf+SgcRInj89N9T4pGm oY2tWDEkQhk9+7YWjrfcVKd5hhNLHN9bwlHha5H8u1NaUW5+3Z6thrlTfqUacW4y3sWh 1cVg== X-Gm-Message-State: AOJu0YzlnfpYub6LhNxiH/lPBO6m4tM6qsd1LSTxIwUpcgy3pNn83uDt IH3DxkTy8l4oq+VVaJmHweNs+PxT6ehT3lwruKiZg8dm9xNOE9aP/WmHYjANeUIZf9kcmhnQ6pO R X-Gm-Gg: ASbGncsDvw/dWbQGaT6/NI2PbPJRcgYZMccKhs8ZdeF+farYPG/6CdXxp7zShJH7opY kJgSA+rsVMx4A+8Z/SqZAEhBEcRA9Anm4Ib5e66lmvx6y0BdxpfT1uqhNGwnsBv03gqpBfg4pcZ oqU0U/DiCw3LNpTBT2JkbJD32bwPjRmuH+O33vwnIcSXjFIko07m7B4PU1UFrY/siUIuOp/cff3 BDwUWy56HMuL0TJdgH3Vse9AQcKYLtRm/ir5Wq8VOBgePHlSReZu2wa5o6A4EsuXqN4M6hWgxjv vUorkQLFM2YU5ckmHk9ui2tzvDGc5wQtvfqv X-Google-Smtp-Source: AGHT+IGBCaMgAeIqA2fK6MG5rlcsDdThV87XUwkUyiVYQB4oV0e/mwWs3LD+uf5nnY2OVE2azwPZxA== X-Received: by 2002:a17:902:fc85:b0:224:f12:3734 with SMTP id d9443c01a7336-22ac29b52bamr10114125ad.30.1744145490029; Tue, 08 Apr 2025 13:51:30 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:70d0:2b27:66e1:8cba]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2297866e242sm105497755ad.164.2025.04.08.13.51.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Apr 2025 13:51:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/10] glibc: Add single-threaded fast path to rand() Date: Tue, 8 Apr 2025 13:51:06 -0700 Message-ID: <19fcc012160c6b8782be0e6fc54797c88bf084ba.1744145328.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 08 Apr 2025 20:51:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214565 From: Haixiao Yan Backport a patch [1] to improve performance of rand() and __random()[2] by adding a single-threaded fast path. [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f [2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777 Signed-off-by: Haixiao Yan Signed-off-by: Steve Sakoman --- ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++++++++++++++ meta/recipes-core/glibc/glibc_2.35.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch diff --git a/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch new file mode 100644 index 0000000000..736fc51f38 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch @@ -0,0 +1,47 @@ +From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e Mon Sep 17 00:00:00 2001 +From: Wilco Dijkstra +Date: Mon, 18 Mar 2024 15:18:20 +0000 +Subject: [PATCH] stdlib: Add single-threaded fast path to rand() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve performance of rand() and __random() by adding a single-threaded +fast path. Bench-random-lock shows about 5x speedup on Neoverse V1. + +Upstream-Status: Backport [be0cfd848d9ad7378800d6302bc11467cf2b514f] + +Reviewed-by: Adhemerval Zanella  +Signed-off-by: Haixiao Yan +--- + stdlib/random.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/stdlib/random.c b/stdlib/random.c +index 17cc61ba8f55..5d482a857065 100644 +--- a/stdlib/random.c ++++ b/stdlib/random.c +@@ -51,6 +51,7 @@ + SUCH DAMAGE.*/ + + #include ++#include + #include + #include + #include +@@ -288,6 +289,12 @@ __random (void) + { + int32_t retval; + ++ if (SINGLE_THREAD_P) ++ { ++ (void) __random_r (&unsafe_state, &retval); ++ return retval; ++ } ++ + __libc_lock_lock (lock); + + (void) __random_r (&unsafe_state, &retval); +-- +2.34.1 + diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index d9cae79ac2..9073e04537 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -65,6 +65,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \ file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \ file://0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch \ + file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}"